MusicPlayerDaemon / MPD

Music Player Daemon
https://www.musicpd.org/
GNU General Public License v2.0

BSD-2-Clause license file missing, licensing information too unspecific #1877

Closed dvzrv closed 1 year ago

dvzrv commented 1 year ago

Bug report

Describe the bug

Hi! I maintain this project as a package for Arch Linux. As we have started to make use of SPDX license identifiers in our package sources and taken greater care in figuring out upstream's licensing situation, I looked into mpd's sources a bit more closely.

I noticed quite a few files that are licensed under BSD-2-Clause (https://github.com/search?q=repo%3AMusicPlayerDaemon%2FMPD%20SPDX-License-Identifier%3A%20BSD-2-Clause&type=code). I was not able to find a dedicated license file for this, but am required to package a license file alongside source and binary distributions of said code.

Additionally, it seems that most other files are licensed under the terms of the GPL-2.0-or-later (https://github.com/search?q=repo%3AMusicPlayerDaemon%2FMPD%20SPDX-License-Identifier%3A%20GPL-2.0&type=code). The legal section in the README specifies "MPD is released under the GNU General Public License version 2", which would probably rather refer to GPL-2.0-only.

In other software projects I am currently using reuse, which helps me a great deal in finding files without dedicated license attribution and unifies making license files available in a top-level LICENSES directory. Maybe this is also a useful approach for mpd.

Expected Behavior

There is a license file for each license used in the repository.

Actual Behavior

There is unfortunately no license file for BSD-2-Clause.

Version

n/a

Configuration

n/a

Log

n/a

dvzrv commented 10 months ago

@MaxKellermann the license files are unfortunately not included in the source tarball. Can you please add them for the next release?

Also, the BSD-2-Clause license requires setting the Copyright (c) <year> <owner> bits.

MaxKellermann commented 10 months ago

The commit is not part of MPD 0.23.x, it was only merged in master, therefore you don't see its effects on the 0.23.15 release.

> Also, the BSD-2-Clause license requires setting the Copyright (c) <year> <owner> bits.

The license cannot "require" anything, it is just a piece of text. What or who is really requiring this?

dvzrv commented 10 months ago

> The commit is not part of MPD 0.23.x, it was only merged in master, therefore you don't see its effects on the 0.23.15 release.

Ah I see. I am not super familiar with the merge strategy of this project :)

> The license cannot "require" anything, it is just a piece of text. What or who is really requiring this?

Maybe I phrased this insufficiently as I was in a hurry. The file added in the commit is a template and as such does not carry the date and copyright holder statements, which indicate in which year the statement was made by whom. Similar to other licenses, such as the MIT license, this specific information ties a legal entity (e.g. a person or an institution) to a body of work and ensures that whoever is using this work is legally allowed to e.g. redistribute or build upon this work and can (if in doubt) contact an entity about this. As such, all downstreams care about these statements.